I would like to point out that since I joined the company as chief executive in December 2007, I had made it clear to the organisation that all laptops in the organisation should be encrypted. Reports coming to me as of February 2009 stated that three laptops were unencrypted and that those three belonged to ladies on maternity leave who had no customer service interaction. Therefore, there was an issue in terms of the reporting on the newer laptops brought in with the Big Switch campaign. That was a lapse for which we take full responsibility.
With regard to the findings of the ODPC and the actions undertaken by Bord Gáis, the commissioner found that appropriate security measures were not in place on the laptop. Bord Gáis took action on this and completed a programme of encryption of all laptops and all desktop computers by 31 July 2009. This measure continues in force. The commissioner found that appropriate measures were not in place on the sales management system to ensure "need to know" access to personal data among approved users. A strict regime of access to customer data on a "needs only" basis has now been fully implemented and is controlled by central IT. It was also found personal data was retained on the laptop for longer than was justifiable. A formal acceptable usage policy and acceptable usage agreement has been implemented throughout the company and a mandatory training awareness programme for all staff — more than 1,035 staff — has taken place. This training applies to all third parties also, including FEXCO, Conduit and other agencies that work on our behalf. It is also part of an ongoing process of induction for all new recruits. We have also instigated a number of new procedures for movers, joiners and leavers within the organisation.
The ODPC made a number of recommendations and action has been taken on these by Bord Gáis. It recommended an immediate review of all access levels to personal data and systems and that an effective system be put in place for granting, reviewing and removing access. We have completed an examination of all user access in the organisation and access on an "essential business only" regime has been implemented and management and control of user access has been placed with the central IT function. The second recommendation was that an appropriate standing governance structure be put in place. We have made the greatest changes in the organisation in this regard. There have also been significant personnel and structural changes in the organisation as a result of this incident. Committee members will understand that when a chief executive who understands everything is in order finds out an incident such as this can happen, action must be taken. An information security committee was established and two additional IT security managers appointed. Members may know we have two sides to our business, networks and energy. We now have two IT security managers appointed to both of those areas. We have also appointed an information risk officer who reports directly, outside of the IT function, to the head of internal audit. This is state-of-the-art governance in accordance with the Data Protection Commission and external consultants. All information security and data protection policies have been fully reviewed and updated. It is mandatory, as mentioned earlier, for all staff to sign the acceptable usage policy and any deviation from that policy is a serious disciplinary matter in our organisation.
It has been made abundantly clear to all staff that personal data should not be downloaded to local drives and should be maintained on networked systems for any use considered appropriate. In the incident in question, one of the four laptops was compromised. The individual involved was a data analyst who was using intermediate files, which are test files for programming rather than a full list database. One could not say the data actually made full sense. It was 834 files of test data which were required for the validation process. The data were not on the C drive but on a map drive which communicates with a central network server. The oversight was that they were being mapped back onto the laptop. Therefore, one would have to have delved into the laptop to find these data files. It was not as straightforward as instant access on the C drive. However, we still found it appropriate to liaise with the Data Protection Commissioner on the issue. We have taken action and instigated a comprehensive mandatory information security and awareness training programme for all staff and third parties and implemented an acceptable usage policy and agreement.
The measures set out represent some of the key steps taken by Bord Gáis to date. The company is well advanced in developing and implementing a best-in-class architecture for information security and data protection. An information security programme office has been established, a standing information security committee has been put in place, we have new policies on information security and data protection, which also applies to our third party contractors, we have a system in place for continuous assessment of risk, which reports to me monthly — as members will understand, I have a serious interest in this area as a result of this management lapse — and we have put in place a new information security organisation.
The break-in at the Bord Gáis premises on 5 June 2009 led to the potential exposure of personal data of a substantial number of our customers. It is fortunate that no case has arisen where such data have been exposed and none of our customers has suffered as a consequence. The incident brought to the fore inadequacies in the Bord Gáis systems and procedures and the company treated these with the utmost gravity from the outset. We are confident the comprehensive regime on information security and data protection now implemented will ensure an incident of this kind will not recur.
The launch of the Big Switch campaign, which took place on 18 February 2009, represented a fundamental step in the fulfilment of the Bord Gáis strategy I set about implementing from the time of my appointment in late 2007. The first pillar of our strategy was to be the leading energy company that would introduce dual fuel offerings to more than 1 million customers. This was to be achieved over five years, but we have achieved it in two years. We aim to provide a best-in-class customer service. Last year Bord Gáis received five international customer service awards across all sectors between Britain and Ireland for the level of customer service it offers customers, both at network and energy level. We set about to acquire and develop an electricity generation portfolio and to integrate our supply business in the North and the South. We are well advanced in that regard.
The second pillar of the strategy is investment for sustainable balance sheet growth. When I joined the company, it had a very healthy balance sheet. It still has that and we are A-minus rated by Standard & Poor's and A2 rated by Moody's. These ratings were reconfirmed in the past week. We have invested significantly in electricity and gas asset investments in Ireland. For example, over the next five years we will spend twice as much on wind farms as on gas pipelines. That is because we are at the stage of the law of diminishing returns with respect to gas pipelines here, in terms of traversing rural lands at €1 million per kilometre for transmission. We have leveraged our balance sheet strength and have entered partnerships of complementary competencies. For example, we are supporting the security of supply of gas in this country through a partnership with GDF Suez of France and Belgium on the development of a £250 million sterling salt cavern gas storage facility in Larne, County Antrim, which will service the whole island. We are making good progress on the size mix analysis for that project. We also established a separate investments division when I joined Bord Gáis. There were two people employed in that area then but we now have more than 100 people employed. Since I joined the organisation, more than 500 new people have been employed, directly and indirectly, by Bord Gáis.
The third pillar of our strategy is based on outperforming regulatory targets. We have outperformed the regulatory expectations in terms of operating cost, capital cost, extension of our gas network and the quality of our networks. We invested €170 million over the past four years and now have the most modern gas network in Europe and no longer have any cast iron network in Dublin. The cast iron network in Dublin has been fully replaced. This was vital from the safety point of view. We have exceeded the terms of our customer charter requirements. The international awards we have received from the Customer Contact Association, CCA, and the Contact Centre Management Association, CCMA, are the best testament to the quality of the service we provide.
On influencing market arrangements, the committee may have heard my views on Corrib and on security of gas supply. I would like to repeat those views. The Corrib gas project is a matter of sovereign gas security, in terms of molecular gas, which will ensure we have indigenous gas available for this market. We will continue to try to influence that agenda.
As stated, the Big Switch campaign was launched on 18 February 2009. The fundamentals are simple. First, there is no contract. We convened focus groups in rural and urban areas to discover what people wanted in the context of choice. We offered a double digit discount on existing rates. It was a simple proposition and easy to switch. The website, TheBigSwitch.ie, accounted for 50% of the total number of switchers we attracted. That is a phenomenal development and provides an indication of the importance of e-channels. We initiated a strong marketing campaign, with well organised operational support.
Bord Gáis Éireann is now the largest dual-fuel supplier in the country. We have some 200,000 dual-fuel customers. It is well over one year into the campaign and we are still taking on approximately 950 new electricity customers every day. The company now has over 1 million gas and electricity customers on the island. We launched a gas choice facility in Belfast which has been well received by SME and industrial customers in the city in recent times.
There has been a great deal of criticism at this committee and in the Dáil and the Seanad regarding the level of liberalisation in the Irish electricity market. As a result of the Big Switch campaign, Ireland has moved from being the 18th most liberalised electricity market in the world to being the second most liberalised. The campaign has actually set in motion a process towards the creation of competition in the market. We have had the highest switching rate per capita in the world during the past 12 months. Bord Gáis Éireann certainly played a role in that regard.
Real competition in the energy market is now a reality. It is noticeable that many other sectors — telecommunications, insurance, etc. — have followed our lead and that there are many advertisements on television and radio which encourage people to make the switch. We commenced a particular conditioning of the market. In the current environment people are seeking value and exemplary service.
The CER recently set out a roadmap for the deregulation of the electricity market. We welcome the fact that there are rules, but we may not have been happy about the fact that the ESB had a 60% share of the market. This still represents an element of dominance. I say this in the context of the fact that we are losing customers in the gas market. I also take the view that there might be a 60% dominant share in that market. A figure of 50% might have been more appropriate. In that context, I have previously put forward the analogy of a grocery store in which bread produced by the person who owns six of the eight most efficient bread factories is sold. Members of this and other committees might be quite concerned about the competition aspects to which this would give rise.
We welcome the intensification of competition in the gas market.